<?php
// Open (or resume) the session: the flash messages set further down are stored in $_SESSION.
// NOTE(review): this runs before checkTokenUtils.php is loaded; presumably that file reads
// session state, so the order matters. Confirm before moving it.
session_start();
require_once __DIR__.'/../../utils/checkTokenUtils.php';
require_once __DIR__ . '/../../utils/MysqlDBUtils.php';

use utils\MysqlDBUtils;

// Only POST may reach the insert below; any other verb is answered with 405 and stops here.
// NOTE(review): no login or CSRF check is visible in this script. checkTokenUtils.php is
// required at the top of the file and presumably enforces the token on include. Confirm that,
// and confirm a per-request CSRF token is verified for this state-changing endpoint.
$requestMethod = $_SERVER['REQUEST_METHOD'];
if ($requestMethod !== 'POST') {
    http_response_code(405);
    exit("错误：仅支持POST请求");
}

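// Database helper; used further down to escape the values and run the INSERT.
$dbUtil = new MysqlDBUtils();

// Read the form fields defensively: a request can carry an array
// (category_name[]=x), which trim() cannot accept, so anything that is not a
// string is treated as missing instead of raising an error.
$rawCategoryName = $_POST['category_name'] ?? '';
$rawDescription = $_POST['description'] ?? '';
$categoryName = is_string($rawCategoryName) ? trim($rawCategoryName) : '';
$description = is_string($rawDescription) ? trim($rawDescription) : '';

// Compare against '' rather than using empty(): empty('0') is true, which would
// reject a category legitimately named "0".
if ($categoryName === '') {
    $_SESSION['error_message'] = "分类名称不能为空";
    header("Location:Categories.php");
    // header() only queues the redirect. Without exit the script keeps running
    // and the INSERT below would still store a row with an empty category name.
    exit;
}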

// Build the INSERT from the two escaped form values.
// NOTE(review): the statement is assembled as a string, so its safety rests entirely on
// escapeString() (defined in MysqlDBUtils, not visible here) and on the connection charset
// matching what that helper assumes. If MysqlDBUtils offers bound parameters, prefer them
// here so the values never become part of the SQL text.
$safeName = $dbUtil->escapeString($categoryName);
$safeDescription = $dbUtil->escapeString($description);
$sql = sprintf(
    "INSERT INTO book_category (category_name,description) VALUES ('%s','%s')",
    $safeName,
    $safeDescription
);

// prepareQuery() is treated as failed only when it returns exactly false.
$insertResult = $dbUtil->prepareQuery($sql);
if ($insertResult === false) {
    $_SESSION['error_message'] = '错误：数据库插入失败';
} else {
    $_SESSION['success_message'] = '分类添加成功！';
}

// Send the browser back to the category list and stop, so nothing runs after the redirect.
header("Location: Categories.php");
exit;
?>

